Two More Health Insurers Report Data Breach

Network Computing Dark Reading

Advertise

About Us

Oldest First | Newest First | Threaded View

[close this box]

xmarksthespot,
User Rank: Strategist
3/17/2015 | 9:34:47 PM

Your rights when critical data is stolen; demand fair compensation

I'll state my bias, since that's appropriate in this case. I am an information security professional. However, I am also a person very interested in consumer issues and consumer rights.

You have rights as a customer of organizations which failed basic security in their infrastructure. Basic prevention techniques could have made exploitation much more difficult. Do you think 1 year of credit monitoring will fully protect you? The answer it is not even remotely close to even the basic protection required. Identify theft may be the least of their worries. In some of these cases there are bank account numbers floating around.

This is getting to be a major confidence issue on the banking system.

At a minimum, I feel lifetime credit protection should be mandated, and the ability to pay for lifetime credit locks. That is the absolute most basic thing they should pay. What would that cost? Well, to lock credit reports is $5 or more for each one (at this time). In addition, if you want a loan or needed a credit check, you have to pay for unlocks. Is it your fault you need that unlock? Demand an adequate amount of money to pay for lifetime credit locks and unlocks and credit monitoring. Even with credit locks, the credit is opened for a window of time where others could exploit it. This is serious and corporations shouldn't be trying to weasel their way out of their liability by offering one year of credit monitoring.

Reply | Post Message | Messages List | Start a Board

Sara Peters,
User Rank: Author
3/18/2015 | 8:54:02 AM

Re: Your rights when critical data is stolen; demand fair compensation

@xmarksthespot Well, I agree with you, that one or two year/s of credit monitoring doesn't help all that much if Social Security numbers were compromised, because SSNs last forever. They might get stolen today and still be used fraudulently 10 years from now.

I doubt there will come a time when companies are required to do as you suggest, but maybe if they were, they would be inspired to invest in more security measures.

Reply | Post Message | Messages List | Start a Board

SgS125,
User Rank: Ninja
3/18/2015 | 10:48:01 AM

Lifetime?

I agree that the free monitoring will not really help for most cases of fraud and abuse of PII, but what about having to show damage if you require a company to provide you with lifetime protection?

There are many cases of data breach in 2014, not all lead to financial loss of identity theft.

Perhaps if someone wins a lawsuit showing some strong evidence of lifelong risk of loss then we can make the solution fit the problem.

You will always have the risk of Identity Theft even if your information was not lost in a data breach. A dedicated foe can cause as much damage as a script kiddie using SQL injection.

Reply | Post Message | Messages List | Start a Board

ajones980,
User Rank: Strategist
3/19/2015 | 1:48:05 PM

Not two companies - the same one, same breach.

Lifewise & Premera are basically the same company. Note that their careers links take you to a premera.com job site. This, combined with the same content at premeraupdate.com and lifewiseupdate.com, appears to show that this is one attack on one target.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP, 7/9/2021

Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours

Robert Lemos, Contributing Writer, 7/7/2021

It's in the Game (but It Shouldn't Be)

Tal Memran, Cybersecurity Expert, CYE, 7/9/2021

Live Events

Webinars

Emerging Cybersecurity Technologies - A Dark Reading Mar 23 Event

Black Hat USA - August 5-10 - Learn More

Black Hat Asia - May 9-12 - Learn More

More Informa Tech Live Events

White Papers

How Machine Learning, AI & Deep Learning Improve Cybersecurity

State of Email Security

Ransomware Resilience and Response: The Next-Generation

Ransomware Is On The Rise

How Hybrid Work Fuels Ransomware Attacks

More White Papers

Cartoon

Latest Comment: I've heard of people walking right out the front door with entire servers...

Cartoon Archive

Current Issue

The Promise and Reality of Cloud Security

Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Incident Readiness and Building Response Playbook

In this special report, learn the Xs and Os of any good security incident readiness and response playbook.

Download Now!

Battle for the Endpoint

0 comments

How Enterprises are Developing Secure Applications

0 comments

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2022-44645
PUBLISHED: 2023-01-31

In Apache Linkis <=1.3.0 when used with the MySQL Connector/J, a deserialization vulnerability with possible remote code execution impact exists when an attacker has write access to a database and configures new datasource with a MySQL data source and malicious parameters. Therefore, the paramete...

CVE-2023-0591
PUBLISHED: 2023-01-31

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). This is due to the fact that a node name (dent_no...

CVE-2023-0592
PUBLISHED: 2023-01-31

A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. By crafting malicious JFFS2 files, attackers could force jefferson to write outside of the extraction directory.This issue affects jefferson: before 0.4.1.

CVE-2023-0593
PUBLISHED: 2023-01-31

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. By crafting a malicious YAFFS file, an attacker could force yaffshiv to write outside of the extraction directory. This issue affects yaffshiv up to version 0.1 included, which is the most recent at time of publication.

CVE-2023-24829
PUBLISHED: 2023-01-31

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3. iotdb-web-workbench is an optional component of IoTDB, providing a web console of the database. This problem is fixed from version 0.13.3 o...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]